How to Change 389 LDAP Password using PHP Scripting

Change 389 LDAP PasswordThis article has been prepared for the purpose of future reference for system administrator. It will describe how to change 389 ldap password using PHP scripting. In order to use this PHP script, you just need to change few parameters and also tested on CentOS 6.5. 389 LDAP Directory is an enterprise-class Open Source LDAP server for GNU/Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world.

Steps to Change 389 LDAP Password using PHP Scripting

1. Make sure your 389 ldap has been configure correctly :
2. Install php-ldap package into your apache server :

[root@ldapmaster-11 ~]# yum install php-ldap -y

3. Create changepassword.php file and put it into your apache root directory :

[root@ldapmaster-11 ~]# vim /var/www/html/changepassword.php

Modify the $server and $dn in .php file :

$message = array();

function changePassword($user,$oldPassword,$newPassword,$newPasswordCnf){
  global $message;

  $server = "localhost";
  $dn = "dc=ehowstuff,dc=local";
  $userid = $user;

  $user = "uid=".$user.",".$dn;
  $con = ldap_connect($server);
  ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);

  // bind anon and find user by uid
  $sr = ldap_search($con,$dn,"(uid=*)");
  $records = ldap_get_entries($con, $sr);

  $message[] = "Username: " . $userid;
  //$message[] = "DN: " . $user;
  //$message[] = "Current Pass: " . $oldPassword;
  //$message[] = "New Pass: " . $newPassword;

  /* try to bind as that user */
  if (ldap_bind($con, $user, $oldPassword) === false) {
    $message[] = "Error E101 - Current Username or Password is wrong.";
    return false;
  if ($newPassword != $newPasswordCnf ) {
    $message[] = "Error E102 - Your New passwords do not match! ";
    return false;
  if (strlen($newPassword) < 4 ) {
    $message[] = "Error E103 - Your new password is too short! ";
    return false;
  if (!preg_match("/[0-9]/",$newPassword)) {
    $message[] = "Error E104 - Your new password must contain at least one digit. ";
    return false;
  if (!preg_match("/[a-zA-Z]/",$newPassword)) {
    $message[] = "Error E105 - Your new password must contain at least one letter. ";
    return false;
  if (!preg_match("/[A-Z]/",$newPassword)) {
    $message[] = "Error E106 - Your new password must contain at least one uppercase letter. ";
    return false;
  if (!preg_match("/[a-z]/",$newPassword)) {
    $message[] = "Error E107 - Your new password must contain at least one lowercase letter. ";
    return false;

  /* change the password finally */
  $entry = array();
  $entry["userPassword"] = "{SHA}" . base64_encode( pack( "H*", sha1( $newPassword ) ) );

  if (ldap_modify($con,$user,$entry) === false){
    $message[] = "E200 - Your password cannot be change, please contact the administrator.";
  } else {
    $message[] = " Your password has been changed. ";
    //mail($records[0]["mail"][0],"Password change notice : ".$userid," Your password has just been changed.");

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="" xml:lang="en" lang="en">
  <title>Change your LDAP password</title>
  <style type="text/css">
  body { font-family: Verdana,Arial,Courier New; font-size: 0.7em;  }
  input:focus { background-color: #eee; border-color: red; }
  th { text-align: right; padding: 0.8em; }
  #container { text-align: center; width: 500px; margin: 5% auto; }
  ul { text-align: left; list-style-type: square; }
  .msg { margin: 0 auto; text-align: center; color: navy;  border-top: 1px solid red;  border-bottom: 1px solid red;  }
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <div id="container">
    <h2>Change your LDAP password</h2>
  <li> Your new password must be 8 characters long and contain at least one letter and one digit. </li>
    <form action="<?php print $_SERVER['PHP_SELF']; ?>" name="passwordChange" method="post">
      <table style="width: 400px; margin: 0 auto;">
        <tr><th>Username:</th><td><input name="username" type="text" size="20" autocomplete="off" /></td></tr>
        <tr><th>Old password:</th><td><input name="oldPassword" size="20" type="password" /></td></tr>
        <tr><th>New password:</th><td><input name="newPassword1" size="20" type="password" /></td></tr>
        <tr><th>New password (again):</th><td><input name="newPassword2" size="20" type="password" /></td></tr>
        <tr><td colspan="2" style="text-align: center;" >
          <input name="submitted" type="submit" value="Change Password"/>
          <button onclick="$('frm').action='changepassword.php';$('frm').submit();">Cancel</button>
    <div class="msg"><?php
      if (isset($_POST["submitted"])) {
        foreach ( $message as $one ) { echo "<p>$one</p>"; }
      } ?>

Reference :

Leave a Reply

Your email address will not be published. Required fields are marked *

A world leading hosting company that provides fully-managed innovative and secure solutions, suitable for hosting small to medium-sized websites

Built on the best available technologies combined with Google Cloud for strong redundancy and application availability. Backed by skilled experts to address web security threats, a devops team to create advanced custom security solutions, and 24/7 sysadmins to watch over the platform. This powerful, hands-on approach makes your sites faster, safer, and easier to manage. Starting from only $3.95/mo.


* up to 30 days money back guarantee